Policy components - a conceptual model for modularizing and tailoring of information security policies
Örebro University, Örebro University School of Business. Department of Informatics. ORCID iD: 0000-0002-4439-4713
Örebro University, Örebro University School of Business. Department of Informatics. ORCID iD: 0000-0002-3265-7627
Örebro University, Örebro University School of Business. Department of Informatics. ORCID iD: 0000-0002-3722-6797
2023 (English). In: Information and Computer Security, E-ISSN 2056-4961, Vol. 31, no 3, p. 331-352. Article in journal (Refereed). Published
Abstract [en]

Purpose: This paper aims to propose a conceptual model of policy components for software that supports modularizing and tailoring of information security policies (ISPs).

Design/methodology/approach: This study used a design science research approach, drawing on design knowledge from the field of situational method engineering. The conceptual model was developed as a unified modeling language class diagram using existing ISPs from public agencies in Sweden.

Findings: This study's demonstration as proof of concept indicates that the conceptual model can be used to create free-standing modules that provide guidance about information security in relation to a specific work task and that these modules can be used across multiple tailored ISPs. Thus, the model can be considered as a step toward developing software to tailor ISPs.

Research limitations/implications: The proposed conceptual model bears several short- and long-term implications for research. In the short term, the model can act as a foundation for developing software to design tailored ISPs. In the long term, having software that enables tailorable ISPs will allow researchers to do new types of studies, such as evaluating the software's effectiveness in the ISP development process.

Practical implications: Practitioners can use the model to develop software that assists information security managers in designing tailored ISPs. Such a tool can offer the opportunity for information security managers to design more purposeful ISPs.

Originality/value: The proposed model offers a detailed and well-elaborated starting point for developing software that supports modularizing and tailoring of ISPs.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2023. Vol. 31, no 3, p. 331-352
Keywords [en]
Information security policy, Information security management, Policy component, Situational method engineering, Policy design
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:oru:diva-104974
DOI: 10.1108/ICS-10-2022-0160
ISI: 000930607700001
Scopus ID: 2-s2.0-85147558346
OAI: oai:DiVA.org:oru-104974
DiVA, id: diva2:1743939
Available from: 2023-03-16. Created: 2023-03-16. Last updated: 2024-06-11. Bibliographically approved

Open Access in DiVA

No full text in DiVA

Authority records

Rostami, Elham; Karlsson, Fredrik; Gao, Shang
